React Orchestrator

by yuyonghao-123 · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 139 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install yuyonghao-react-orchestrator
Description
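A dual-system AI orchestrator based on the ReAct framework. It automatically assesses task complexity, intelligently switches between fast-execution and deep-reasoning modes, and supports multi-tool collaboration.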
Usage Guidance
This skill appears to implement the advertised ReAct orchestration and includes helpful features (HITL, Code Mode, tool registry). However:

- The package metadata lists no required env vars, but the code and examples reference TAVILY_API_KEY and call external APIs; treat these as optional integrations but be explicit about what you set. Do not expose sensitive env vars unless you trust the skill.
- The Code Mode will write temp files and spawn child processes (node and PowerShell). That means it can read/write filesystem paths and execute arbitrary code — run in an isolated environment (container/VM) if you are unsure.
- Built-in templates include file-read and file-write operations. Enable and configure HITL (requireApproval for file-write / execute-command) before letting the orchestrator act on your behalf.
- package.json is minimal (only zod). The code references modules (e.g., 'tavily-search') not declared as dependencies; inspect and install required third-party libs yourself from trusted sources.
- If you plan to use networked features or the A2A functionality later, audit any networking endpoints and consider firewalling the runtime or limiting outbound access.

If you want to proceed, run it in a sandbox, enable HITL approvals for dangerous operations, and avoid supplying real secrets (API keys, cloud credentials) until you have audited templates and tool implementations. If anything is unclear, ask the author to add explicit metadata listing required env vars, external endpoints, and a dependency list.
Capability Analysis
Type: OpenClaw Skill
Name: yuyonghao-react-orchestrator
Version: 0.1.0

The bundle implements a 'Code Mode' feature in `src/code-mode.js` that converts tool calls into executable JavaScript or PowerShell code, which is then run locally using `child_process.spawn`. This creates a significant Remote Code Execution (RCE) surface, especially as it includes built-in templates for file system operations and executes PowerShell with `-ExecutionPolicy Bypass`. While this is presented as a token-optimization feature and lacks explicit evidence of malicious intent (such as hardcoded exfiltration or backdoors), the capability to generate and execute arbitrary code based on LLM-provided parameters is inherently high-risk.
Capability Assessment
Purpose & Capability
The code and docs implement the stated dual-system ReAct orchestrator, tool registry, Code Mode and HITL features — which is coherent with the skill description. However the code references third‑party integrations (e.g., require('tavily-search') templates, calls to https://api.tavily.com) and environment variables (process.env.TAVILY_API_KEY) even though the skill metadata lists no required env vars or external dependencies. That mismatch should be clarified.
Instruction Scope
SKILL.md instructs registering and invoking tools, including examples that read/write files and call network APIs. The repository contains templates and runtime that will read arbitrary file paths, write files, spawn Node/PowerShell subprocesses, and make outbound HTTP requests. These behaviors go beyond simple 'reasoning' and require explicit user consent and configuration; the runtime instructions do not enumerate these risks or required safeguards.
Install Mechanism
There is no external download/install spec (instruction-only / local npm package). That lowers supply‑chain risk. However package.json only lists 'zod' while code expects other modules (e.g., 'tavily-search') in templates — users must install or provide those dependencies manually. The skill writes temporary files and spawns child processes, but those actions are implemented locally (no remote install URL).
Credentials
Registry metadata declares no required environment variables, yet code and examples reference process.env.TAVILY_API_KEY and other env usage (templates and examples). Child processes are started with env: {...process.env}, so any environment secrets available to the host would be visible to executed code. The skill therefore has the ability to access environment secrets even though none are declared — this is a proportionality and disclosure concern.
Persistence & Privilege
The skill is not marked always:true and doesn't request persistent system-wide privileges. It does create temporary files in the OS temp directory and spawns processes (node, powershell.exe). Those runtime privileges are significant but consistent with the Code Mode feature; ensure you run it where executing arbitrary code and PowerShell is acceptable.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yuyonghao-react-orchestrator
  3. After installation, invoke the skill by name or use /yuyonghao-react-orchestrator
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release with dual-system ReAct agent framework and Reflexion mechanism.

- Introduces System 1 (fast execution) and System 2 (deep reasoning) with automatic mode switching based on task complexity.
- Implements ReAct reasoning loop and periodic Reflexion for self-correction.
- Includes centralized tool registry with automatic tool matching and timeout controls.
- Provides full task execution history for auditing and debugging.
- Offers configuration options, extensive API documentation, and basic test coverage.
Metadata
Slug: yuyonghao-react-orchestrator
Version: 0.1.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is React Orchestrator?

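A dual-system AI orchestrator based on the ReAct framework. It automatically assesses task complexity, intelligently switches between fast-execution and deep-reasoning modes, and supports multi-tool collaboration. It is an AI Agent Skill for Claude Code / OpenClaw, with 139 downloads so far.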

How do I install React Orchestrator?

Run "/install yuyonghao-react-orchestrator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is React Orchestrator free?

Yes, React Orchestrator is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does React Orchestrator support?

React Orchestrator is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created React Orchestrator?

It is built and maintained by yuyonghao-123 (@yuyonghao-123); the current version is v0.1.0.
